Texas Attorney General Ken Paxton has sent a notice of violation to an Allstate data broker company, claiming the company fails to clearly inform consumers about the data it collects and how it is sold. 

The notice was sent to the company, Arity, Nov. 29 and uploaded to document cloud by The Record, a media publication, Dec. 12. 

Paxton says Arity violates the Texas Data Privacy and Security Act (TDPSA), which effective July 1, governs how companies collect, use and process Texans’ personal data. He writes this includes several obligations placed on  companies that conduct business in the state. 

Arity was founded by Allstate in 2016, according to its website. It says Arity is a mobility data and analytics company focused on improving transportation by collecting and analyzing enormous amounts of data.

“Arity collects and analyzes trillions of miles of driving data to create a greater understanding of how people move,” an October press release from the company says. “With the world’s largest driving dataset tied to insurance claims collected through mobile devices, in-car devices, and vehicles themselves, Arity derives unique insights that help insurers, developers, marketers, and communities understand and predict driving behavior at scale.”

Paxton writes that his office found Arity has violated multiple sections of the TDPSA including failure to provide consumers with a reasonably clear notice of the categories of sensitive data being processed. 

It says the company also processed consumers sensitive data without obtaining their consent. This included processing data through its use of a software development kit (SDK) to collect data from various mobile applications such as precise geolocation information and how fast the consumer’s mobile phone is moving. 

“This violation also includes Arity’s analysis and sale of sensitive data to car insurance companies,” the notification says. 

New York’s Attorney’s General Office (OAG) recently fined GEICO and Travelers Indemnity Co. $11.3 million in penalties for poor data security, which led to personal information of more than 130,000 New Yorkers being compromised. 

An OAG investigation found that both companies did not implement sufficient data security controls prior to an industry-wide campaign by hackers to steal consumers’ personal information including driver’s license numbers and dates of birth from auto insurance quoting applications, according to the release. It says the hackers used the information to file fraudulent unemployment claims during the COVID-19 pandemic. 

IMAGES

Photo courtesy of Shutter2U/iStock

Share This:

Related